Abstract. We consider the master/slave parameterised reachability problem for networks
of pushdown systems, where communication is via a global store using only non-atomic
reads and writes. We show that the control-state reachability problem is decidable. As
part of the result, we provide a constructive extension of a theorem by Ehrenfeucht and
Rozenberg to produce an NFA equivalent to certain kinds of CFG. Finally, we show that
the non-parameterised version is undecidable.

Note, this is the long version of work appearing in FSTTCS 2011. 
1 Introduction



A parameterised reachability problem is one where the system is defined in terms of a given input, 
usually a number n. We then ask whether there is some n such that the resulting system can 
reach a given state. An early result shows that this problem is undecidable, even when the system
defined for each n is a finite state machine: one simply has to define the nth system to simulate
a Turing machine up to n steps [2]. Thus, the Turing machine terminates iff there is some n such
that the nth system reaches a halting state.

Such a result, however, is somewhat pathological. More natural parameterised problems
concentrate on the replication of components. For instance, we may have a leadership election algorithm
amongst several nodes. For this algorithm we would want to know, for example, whether there
is some n such that, when n nodes are present, the routine fails to elect a leader. This problem
walks the line between decidability and undecidability, even with finite-state components: in a ring
network, when nodes can communicate to their left and right neighbours directly, Suzuki proves
undecidability [32]; but, in less disciplined topologies, the problem becomes decidable [16].

In particular, the above decidability result considers the following problem: given a master 
process U and slave C, can the master in parallel with n slaves reach a given state. Communication 
in this system is by anonymous pairwise synchronisation (that is, a receive request can be satisfied 
by any thread providing the matching send, rather than a uniquely identified neighbour). This 
problem reduces to Petri-nets, which can, for each state of C, keep a count of the number of threads 
in that state. When communication is via a finite-state global store, which all threads can read 
from and write to (atomically), it is easy to see that decidability can be obtained by the same
techniques. 

These results concern finite-state machines. This is ideal for hardware or simple protocols. 
When the components are more sophisticated (such as threads created by a web-server), a more 
natural and expressive (infinite-state) program model — allowing one to accurately simulate the 
control flow of first-order recursive programs [20] — is given by pushdown systems (PDSs). Such 
systems have proved popular in the sequential setting (e.g. [8, 14, 29, 2"T]), with several successful
implementations [6, 7, 29]. Unfortunately, when two PDSs can communicate, reachability quickly
becomes undecidable [26].

In recent years, many researchers have tackled this problem, proposing many different
approximations, and restrictions on topology and communication behaviour (e.g. [23, 9, 10, 11, 30, 28, 18]). A
pleasantly surprising (and simple) result in this direction was provided by Kahlon [21]: the
parameterised reachability problem for systems composed of n slaves C communicating by anonymous
synchronisation is decidable. This result relies heavily on the inability of the system to restrict the
number of active processes, or who they communicate with. Indeed, in the presence of a master
process U, or communication via a global store, undecidability is easily obtained.

In this work we study the problem of adding the master process and global store. To regain
decidability, we only allow non-atomic accesses to the shared memory. We then show — by extending
a little-cited theorem of Ehrenfeucht and Rozenberg [13] — that we can replace the occurrences of
C with regular automata¹. This requires the introduction of different techniques than those
classically used. Finally, a product construction gives us our result. In addition, we show that, when n
is fixed, the problem remains undecidable, for all n. For clarity, we present the single-variable case
here. In the appendix we show that the techniques extend easily to the case of k shared variables.

After discussing further related work, we begin in Section 2 with the preliminaries. In Section 3
we define the systems that we study. Our main result is given in Section 4 and the accompanying
undecidability proof appears in Section 5. In Section 6 we show how to obtain a constructive
version of Ehrenfeucht and Rozenberg's theorem. Finally, we conclude in Section 7.

Related Work Many techniques attack parameterisation (e.g. network invariants and symmetry). 
Due to limited space, we only discuss PDSs here. In addition to results on parameterised PDSs, 
Kahlon shows decidability of concurrent PDSs communicating via nested-locks [22]. In contrast,
we cannot use locks to guarantee atomicity here. 

A closely related model was studied by Bouajjani et al. in 2005. As we do, they allow PDSs to 
communicate via a global store. They do not consider parameterised problems directly, but they do 
allow the dynamic creation of threads. By dynamically creating an arbitrary number of threads at 
the start of the execution, the parameterised problem can be simulated. Similarly, parameterisation 
can simulate thread creation by activating hitherto dormant threads. However, since Bouajjani et 
al. allow atomic read/write actions to occur, the problem they consider is undecidable; hence, they 
consider context-bounded reachability. 

Context-bounded reachability is a popular technique based on the observation that many bugs
can be identified within a small number of context switches [25]. This idea has been extended to
phase-bounded systems where only one stack may be decreasing in any one phase [3 3 1]. Finally,
in another extension of context-bounded model-checking, Ganty et al. consider bounded
under-approximations where runs are restricted by intersecting with a word of the form . . . a* [15].
In contrast to this work, these techniques are only accurate up to a given bound. That is, they
are sound, but not complete. Recently, La Torre et al. gave a sound algorithm for parameterised
PDSs together with a technique that may detect completeness in the absence of recursion [33].

Several models have been defined for which model-checking can be sound and complete. For
example, Bouajjani et al. also consider acyclic topologies [5, 11]. As well as restricting the network
structure, Sen and Viswanathan [30], La Torre et al. [33] and later Heußner et al. [15] show how
to obtain decidability by only allowing communications to occur when the stack satisfies certain
conditions.

One of the key properties that allow parameterized problems to become decidable is that once 
a copy of the duplicated process has reached a given state, then any number of additional copies 
may also be in that state. In effect, this means that any previously seen state may be returned to 
at any time. This property has also been used by Delzanno et al. to analyse recursive ping-pong 
protocols [12] using Monotonic Set-extended Prefix Rewriting. However, unlike our setting, these 
systems do not have a master process. 

Finally, recent work by Abdulla et al. considers parameterised problems with non-atomic global
conditions [1]. That is, global transitions may occur when the processes satisfy a global condition
that is not evaluated atomically. However, the processes they consider are finite-state in general. 
Although a procedure is proposed when unbounded integers are allowed, this is not guaranteed to 
terminate. 



1 A reviewer points out that the upward-closure of a context free language has been proved regular by
Atig et al. [5] with the same complexity, which is sufficient for our purposes. However, a constructive 
version of Ehrenfeucht and Rozenberg is a stronger result, and hence remains a contribution. 



2 Preliminaries 



We recall the definitions of finite automata and pushdown systems and their language
counterparts. We also state a required result by Ehrenfeucht and Rozenberg.

Definition 1 (Non-Deterministic Finite Word Automata). We define a non-deterministic
finite word automaton (NFA) $A$ as a tuple $(Q, \Gamma, \Delta, q_0, \mathcal{F})$ where $Q$ is a finite set of states, $\Gamma$ is
a finite alphabet, $q_0 \in Q$ is an initial state, $\mathcal{F} \subseteq Q$ is a set of final states, and
$\Delta \subseteq Q \times \Gamma \times Q$ is a finite set of transitions.

We will denote a transition $(q, \gamma, q')$ using the notation $q \xrightarrow{\gamma} q'$. We call a sequence
$q_1 \xrightarrow{\gamma_1} q_2 \xrightarrow{\gamma_2} \cdots \xrightarrow{\gamma_{z-1}} q_z$ a run of $A$. It is an accepting run if $q_1 = q_0$ and $q_z \in \mathcal{F}$.
The language $\mathcal{L}(A)$ of an NFA is the set of all words labelling an accepting run. Such a language is regular.

Definition 2 (Pushdown Systems). A pushdown system (PDS) $\mathcal{P}$ is a tuple $(Q, \Sigma, \Gamma, \Delta, q_0, \mathcal{F})$
where $Q$ is a finite set of control states, $\Sigma$ is a finite stack alphabet with a special bottom-of-stack
symbol $\bot$, $\Gamma$ is a finite output alphabet, $q_0 \in Q$ is an initial state, $\mathcal{F} \subseteq Q$ is a set of final states,
and $\Delta \subseteq (Q \times \Sigma) \times \Gamma \times (Q \times \Sigma^*)$ is a finite set of transition rules.

We will denote a transition rule $((q, a), \gamma, (q', w'))$ using the notation $(q, a) \xhookrightarrow{\gamma} (q', w')$. The
bottom-of-stack symbol is neither pushed nor popped. That is, for each rule $(q, a) \xhookrightarrow{\gamma} (q', w') \in \Delta$ we have,
when $a \neq \bot$, $w'$ does not contain $\bot$, and, $a = \bot$ iff $w' = w\bot$ and $w$ does not contain $\bot$. A
configuration of $\mathcal{P}$ is a tuple $(q, w)$, where $q \in Q$ is the current control state and $w \in \Sigma^*$ is
the current stack contents. There exists a transition $(q, aw) \xrightarrow{\gamma} (q', w'w)$ of $\mathcal{P}$ whenever
$(q, a) \xhookrightarrow{\gamma} (q', w') \in \Delta$. We call a sequence $c_0 \xrightarrow{\gamma_1} c_1 \xrightarrow{\gamma_2} \cdots \xrightarrow{\gamma_z} c_z$ a run of $\mathcal{P}$. It is an accepting run if
$c_0 = (q_0, \bot)$ and $c_z = (q, w)$ with $q \in \mathcal{F}$. The language $\mathcal{L}(\mathcal{P})$ of a pushdown system is the set of
all words labelling an accepting run. Such a language is context-free. Note, in some cases, we omit
the output alphabet $\Gamma$. In this case, the only character is the empty character $\varepsilon$, with which all
transitions are labelled. In general, we will omit the empty character $\varepsilon$ when it labels a transition.

We use a theorem of Ehrenfeucht and Rozenberg [13]. With respect to a context-free language
$\mathcal{L}$, a strong iterative pair is a tuple $(x, y, z, u, t)$ of words such that for all $i \geq 0$ we have $x y^i z u^i t \in \mathcal{L}$,
where $y$ and $u$ are non-empty words. A strong iterative pair is very degenerate if, for all $i, j \geq 0$
we have that $x y^i z u^j t \in \mathcal{L}$.

Theorem 1 ([13]). For a given context-free language $\mathcal{L}$, if all strong iterative pairs are very
degenerate, then $\mathcal{L}$ is regular.

However, Ehrenfeucht and Rozenberg do not present a constructive algorithm for obtaining a
regular automaton accepting the same language as an appropriate context-free language. Hence,
we provide such an algorithm in Section 5.



3 Non-Atomic Pushdown Systems

Given an alphabet $\mathcal{G}$, let $r(\mathcal{G}) = \{ r(g) \mid g \in \mathcal{G} \}$ and $w(\mathcal{G}) = \{ w(g) \mid g \in \mathcal{G} \}$. These alphabets
represent read and write actions respectively of the value $g$.

Definition 3 (Non-atomic Pushdown Systems). Over a finite alphabet $\mathcal{G}$, a non-atomic
pushdown system (naPDS) is a tuple $\mathcal{P} = (Q, \Sigma, \Delta, q_0, \mathcal{G})$ where $Q$ is a finite set of control-states,
$\Sigma$ is a finite stack alphabet with a bottom-of-stack symbol $\bot$, $q_0 \in Q$ is a designated initial
control state and $\Delta \subseteq (Q \times \Sigma) \times (r(\mathcal{G}) \cup w(\mathcal{G}) \cup \{ \varepsilon \}) \times (Q \times \Sigma^*)$.

That is, a non-atomic pushdown system is a PDS where the output alphabet is used to signal 
the interaction with a global store, and there are no final states: we are interested in the behaviour 
of the system, rather than the language it defines. 



Definition 4 (Networks of naPDSs). A network of n non-atomic pushdown systems (NPDS)
is a tuple $\mathcal{N} = (\mathcal{P}_1, \ldots, \mathcal{P}_n, \mathcal{G}, g_0)$ where, for all $1 \leq i \leq n$, $\mathcal{P}_i = (Q_i, \Sigma_i, \Delta_i, q_0^i, \mathcal{G})$ is a naPDS
over $\mathcal{G}$ and $g_0 \in \mathcal{G}$ is the initial value of the global store.

A configuration of an NPDS is a tuple $(q_1, w_1, \ldots, q_n, w_n, g)$ where $g \in \mathcal{G}$ and for each $i$, $q_i \in Q_i$
and $w_i \in \Sigma_i^*$. There is a transition $(q_1, w_1, \ldots, q_n, w_n, g) \rightarrow (q_1', w_1', \ldots, q_n', w_n', g')$ whenever, for
some $1 \leq i \leq n$ and all $1 \leq j \leq n$ with $i \neq j$, we have $q_j' = q_j$, $w_j' = w_j$, and

- $(q_i, w_i) \rightarrow (q_i', w_i')$ is a transition of $\mathcal{P}_i$ and $g' = g$; or

- $(q_i, w_i) \xrightarrow{r(g)} (q_i', w_i')$ is a transition of $\mathcal{P}_i$ and $g' = g$; or

- $(q_i, w_i) \xrightarrow{w(g')} (q_i', w_i')$ is a transition of $\mathcal{P}_i$.

A path $\pi$ of $\mathcal{N}$ is a sequence of configurations $c_1 \ldots c_m$ such that, for all $1 \leq i < m$, $c_i \rightarrow c_{i+1}$.
A run of $\mathcal{N}$ is a path such that $c_1 = (q_0^1, \bot, \ldots, q_0^n, \bot, g_0)$.



4 The Parameterised Reachability Problem 

We define and prove decidability of the parameterised reachability problem for naPDSs. We finish 
with a few remarks on the extension to multiple variables, and on complexity issues. 

Definition 5 (Parameterised Reachability). For given naPDSs U and C over $\mathcal{G}$, initial store
value $g_0$ and control state q, the parameterised reachability problem asks whether there is some n
such that the NPDS $\mathcal{N}_n = (U, \underbrace{C, \ldots, C}_{n}, \mathcal{G}, g_0)$ has a run to some configuration containing the
control state q.

In this section, we aim to prove the following theorem.

Theorem 2. The parameterised reachability problem for NPDSs is decidable. 

Without loss of generality, we can assume q is a control-state of U (a C process can write its
control-state to the global store for U to read). The idea is to build an automaton which describes
for each $g \in \mathcal{G}$ the sequences $g_1 \ldots g_m \in \mathcal{G}^*$ that need to be read by some C process to be able to
write g to the global store. We argue using Theorem 1 that such read languages are regular (and
construct regular automata using Lemma 5). Broadly this is because, between any two characters
to be read, any number of characters may appear in the store and then be overwritten before the
process reads the required character. We then combine the resulting languages with U to produce
a context-free language that is empty iff the control-state q is reachable.



4.1 Regular Read Languages 

For each $g \in \mathcal{G}$ we will define a read-language $\mathcal{L}_{w(g)}$ which intuitively defines the language of read
actions that C must perform before being able to write g to the global store. Since C may have
to write other characters to the store before g, we use the symbol # as an abstraction for these
writes. The idea is that, for any run of the parameterised system, we can construct another run
where each copy of C is responsible for a single particular write to the global store, and $\mathcal{L}_{w(g)}$
describes what C must do to be able to write g.

To this end, given a non-atomic pushdown system $\mathcal{P}$ we define for each $g \in \mathcal{G}$ the pushdown
system $\mathcal{P}_{w(g)}$ which is $\mathcal{P}$ augmented with a new unique control-state $f$, and a transition
$(q, a) \hookrightarrow (f, a)$ whenever $\mathcal{P}$ has a rule $(q, a) \xhookrightarrow{w(g)} (q', w)$. Furthermore, replace all
$(q, a) \xhookrightarrow{w(g')} (q', w)$ rules with $(q, a) \xhookrightarrow{\#} (q', w)$ where $\# \notin \mathcal{G}$. These latter rules signify that
the global store contents have been changed, and that a new value must be written before reading can
continue. This implicitly assumes that C does not try to read the last value it has written. This can be
justified since, whenever this occurs, because we are dealing with the parameterised version of the
problem, we can simply add another copy of C to produce the required write.

We interpret $f$ as the sole accepting control state of $\mathcal{P}_{w(g)}$ and thus $\mathcal{L}(\mathcal{P}_{w(g)})$ is the language
of reads (and writes) that must occur for g to be written. We then allow any number of (ignored)
read and # events² to occur. That is, any word in the read language contains a run of C with
any number of additional actions that do not affect the reachability property interspersed. Let
$R = \{ r(g') \mid g' \in \mathcal{G} \} \cup \{ \# \}$, we define the read language $\mathcal{L}_{w(g)} \subseteq R^*$ for $w(g)$ as

$\mathcal{L}_{w(g)} = \{ R^* \gamma_1 R^* \cdots R^* \gamma_z R^* \mid \gamma_1 \cdots \gamma_z \in \mathcal{L}(\mathcal{P}_{w(g)}) \}$.

Note, in particular, that $\gamma_1 \ldots \gamma_z \in R^*$.

Lemma 1. For all $g \in \mathcal{G}$, $\mathcal{L}_{w(g)}$ is regular and an NFA $A$ accepting $\mathcal{L}_{w(g)}$, of doubly-exponential
size, can be constructed in doubly-exponential time.

Proof. Take any strong iterative pair $(x, y, z, t, u)$ of $\mathcal{L}_{w(g)}$. To satisfy the preconditions of
Theorem 1 we observe that $xzu \in \mathcal{L}_{w(g)}$ since we have a strong iterative pair. Then, from the definition
of $\mathcal{L}_{w(g)}$ we know $x R^* z R^* u \subseteq \mathcal{L}_{w(g)}$ and hence, for all $i, j$, $x y^i z t^j u \in \mathcal{L}_{w(g)}$ as required. Thus
$\mathcal{L}_{w(g)}$ is regular. The construction of $A$ comes from Lemma 5.



4.2 Simulating the System 

We build a PDS that recognises a non-empty language iff the parameterised reachability problem
has a positive solution. The intuition behind the construction of $\mathcal{P}_{sys}$ is that, if a collection of
C processes have been able to use the output of U to produce a write of some g to the global
store, then we may reproduce that group of processes to allow as many writes g to occur as
needed. Hence, in the construction below, once $q_i \in \mathcal{F}_i$ has been reached, $g_i$ can be written at
any later time. The # character is used to prevent sequences such as r(g)w(g')r(g) occurring in
read languages, where no process is able to provide the required write w(g) that must occur after
w(g'). Note that, if we did not use # in the read languages, such sequences could occur because
the w(g') would effectively be ignored.

The construction itself is a product construction between U and the regular automata accepting
the read languages of C. The regular automata read from the global variable, writing # when a #
action should occur. Essentially, they mimic the behaviour of an arbitrary number of C processes
in their interaction — via the global store — with U and each other. The value of the global store
is held in the last component of the product.

Definition 6 ($\mathcal{P}_{sys}$). Given an naPDS $U = (Q_U, \Sigma, \Delta_U, q_0^U, \mathcal{G})$ with initial store value $g_0$, a
control-state $f \in Q_U$, and, for each $g \in \mathcal{G}$, a regular automaton

$A_{w(g)} = (Q_{w(g)}, R, \Delta_{w(g)}, \mathcal{F}_{w(g)}, q_0^{w(g)})$,

we define the PDS $\mathcal{P}_{sys} = (Q, \Delta, q_0, \mathcal{F})$ where, if $\mathcal{G} = \{ g_0, \ldots, g_m \}$, then

- $Q = Q_U \times Q_{w(g_0)} \times \cdots \times Q_{w(g_m)} \times (\mathcal{G} \cup \{ \# \})$,

- $\mathcal{F} = \{ f \} \times Q_{w(g_0)} \times \cdots \times Q_{w(g_m)} \times (\mathcal{G} \cup \{ \# \})$,

and $\Delta$ is the smallest set containing all $(q, a) \hookrightarrow (q', w)$ where $q = (q_U, q_0, \ldots, q_m, g)$ and,

- $q' = (q_U', q_0, \ldots, q_m, g)$ and $(q_U, a) \hookrightarrow (q_U', w) \in \Delta_U$, or

- $q' = (q_U', q_0, \ldots, q_m, g)$ and $(q_U, a) \xhookrightarrow{r(g)} (q_U', w) \in \Delta_U$, or

- $q' = (q_U', q_0, \ldots, q_m, g')$ and $(q_U, a) \xhookrightarrow{w(g')} (q_U', w) \in \Delta_U$, or

- $q' = (q_U, q_0, \ldots, q_i', \ldots, q_m, g)$ and $q_i \xrightarrow{r(g)} q_i' \in \Delta_i$, $q_i \notin \mathcal{F}_i$ and $w = a$, or

- $q' = (q_U, q_0, \ldots, q_i', \ldots, q_m, \#)$ and $q_i \xrightarrow{\#} q_i' \in \Delta_i$, $q_i \notin \mathcal{F}_i$ and $w = a$, or

- $q' = (q_U, q_0, \ldots, q_m, g_i)$, $q_i \in \mathcal{F}_i$ and $w = a$.

2 Extra # events will not allow spurious runs, as they only add extra behaviours that may cause the
system to become stuck. This is because # is never read by a process.

The last transition in the above definition — which corresponds to some copy of C writing $g_i$ to
the global store — can be applied any number of times; each application corresponds to a different
copy of C, and, since we are considering the parameterised problem, we can choose as many copies
of C as are required.

Lemma 2. The PDS $\mathcal{P}_{sys}$ has a run to some control-state in $\mathcal{F}$ iff the parameterised reachability
problem for U, C, $\mathcal{G}$, $g_0$ and q has a positive solution.

The full proof of correctness is given in the appendix. To construct a run reaching q from an
accepting run of $\mathcal{P}_{sys}$ we first observe that U is modelled directly. We then add a copy of C for
every individual write to the global component of $\mathcal{P}_{sys}$. These slaves are able to read from/write
to the global component, finally enabling them to perform their designated write. This is because
(a part of) the changes to the global store is in the read language of the required write.

For the other direction, we construct an accepting run of $\mathcal{P}_{sys}$ from a run
of the parameterised system reaching q. To this end, we observe again that we can simulate U
directly. To simulate the slaves, we take, for every character $g \in \mathcal{G}$ written to the store, the copy
of C responsible for its first write. From this we get runs of the $A_{w(g)}$ that can be interleaved with
the simulation of U and each other to create the required accepting run, where additional writes
of each g are possible by virtue of $A_{w(g)}$ having reached an accepting state (hence we require no
further simulation for these writes).

Example Let U perform the actions r(1)r(2)w(ok)r(f) and C run either w(1)r(ok)w(go) or
w(2)r(go)w(f). Let $\mathcal{L}_1, \ldots, \mathcal{L}_4$ denote the following read languages.

$\mathcal{L}_{w(1)} = \mathcal{L}_{w(2)} = R^*$, $\mathcal{L}_{w(go)} = R^* \# R^* r(ok) R^*$, $\mathcal{L}_{w(f)} = R^* \# R^* r(go) R^*$

Take two slaves $C_1$ and $C_2$ and the run (the subscript denotes the active process):

$w(1)_{C_1} \, r(1)_U \, w(2)_{C_2} \, r(2)_U \, w(ok)_U \, r(ok)_{C_1} \, w(go)_{C_1} \, r(go)_{C_2} \, w(f)_{C_2} \, r(f)_U$.

This can be simulated by the following actions on the global component of $\mathcal{P}_{sys}$:

$w(\#)_{\mathcal{L}_3} \, w(1)_{\mathcal{L}_1} \, r(1)_U \, w(\#)_{\mathcal{L}_4} \, w(2)_{\mathcal{L}_2} \, r(2)_U \, w(ok)_U \, r(ok)_{\mathcal{L}_3} \, w(go)_{\mathcal{L}_3} \, r(go)_{\mathcal{L}_4} \, w(f)_{\mathcal{L}_4} \, r(f)_U$.

Note, we have scheduled the w(#) actions immediately before the write they correspond to.
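The following Python sketch is an added illustration, not code from the paper: it explores the network of the Example by breadth-first search for a fixed number n of slaves and then increases n, showing that the master cannot finish with fewer than two copies of C and recovering the run given above. It works only because these particular processes use no stack (so each fixed-n state space is finite) and is not the decision procedure of Section 4; the initial store value "init" and all function names are assumptions.

```python
from collections import deque

# Programs from the Example. ("r", v) reads v from the store, ("w", v) writes v.
MASTER = [("r", "1"), ("r", "2"), ("w", "ok"), ("r", "f")]
SLAVE_BRANCHES = [
    [("w", "1"), ("r", "ok"), ("w", "go")],   # behaviour called C1 in the run above
    [("w", "2"), ("r", "go"), ("w", "f")],    # behaviour called C2 in the run above
]
INITIAL_STORE = "init"   # assumed initial value g0; the Example does not fix one
UNSTARTED = -1           # slave that has not yet chosen a branch


def step(action, store):
    """Apply one non-atomic action; return the new store, or None if a read blocks."""
    kind, val = action
    if kind == "w":
        return val
    return store if store == val else None


def fmt(action, who):
    return f"{action[0]}({action[1]})@{who}"


def successors(state):
    """Yield (next_state, label) for every single-process step of the network."""
    m_pc, slaves, store = state
    if m_pc < len(MASTER):
        new_store = step(MASTER[m_pc], store)
        if new_store is not None:
            yield (m_pc + 1, slaves, new_store), fmt(MASTER[m_pc], "U")
    for i, (branch, pc) in enumerate(slaves):
        # An unstarted slave picks its branch non-deterministically on its first action.
        options = range(len(SLAVE_BRANCHES)) if branch == UNSTARTED else [branch]
        for b in options:
            prog = SLAVE_BRANCHES[b]
            if pc >= len(prog):
                continue
            new_store = step(prog[pc], store)
            if new_store is not None:
                moved = slaves[:i] + ((b, pc + 1),) + slaves[i + 1:]
                yield (m_pc, moved, new_store), fmt(prog[pc], f"C{b + 1}")


def find_run(n):
    """Shortest run in which U completes all its actions with n slaves, or None."""
    start = (0, ((UNSTARTED, 0),) * n, INITIAL_STORE)
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if state[0] == len(MASTER):
            trace = []
            while parent[state] is not None:
                state, label = parent[state]
                trace.append(label)
            return trace[::-1]
        for nxt, label in successors(state):
            if nxt not in parent:
                parent[nxt] = (state, label)
                queue.append(nxt)
    return None


def min_slaves(max_n):
    """Smallest n <= max_n for which the master's final state is reachable."""
    for n in range(max_n + 1):
        if find_run(n) is not None:
            return n
    return None


if __name__ == "__main__":
    print("minimum number of slaves:", min_slaves(3))
    print(" ".join(find_run(2)))
```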



4.3 Complexity and Multiple Stores 

We obtain for each $g \in \mathcal{G}$ an automaton $A_{w(g)}$ of size $O(2^{2^{f(n)}})$ in $O(2^{2^{f(n)}})$ time for some
polynomial $f$ (using Lemma 5) where n is the size of the problem description. The pushdown
system $\mathcal{P}_{sys}$, then, has $O(2^{2^{f'(n)}})$ many control states for a polynomial $f'$. It is well known that
reachability/emptiness for PDSs is polynomial in the size of the system (e.g. Bouajjani et al. [5]),
and hence the entire algorithm takes doubly-exponential time. For the lower bound, one can reduce
from SAT to obtain an NP-hardness result (as shown in the appendix). Further work is needed to
pinpoint the complexity precisely.

The algorithm presented above only applies to a single shared variable. A more natural model
has multiple shared variables. We may allow k variables with the addition of k global components
$\mathcal{G}_1, \ldots, \mathcal{G}_k$. The main change required is the use of symbols $\#_1, \ldots, \#_k$ rather than simply # and
to build $\mathcal{P}_{sys}$ to be sensitive to which store is being written to (or erased with some $\#_i$). This
does not increase the complexity since $n = |\mathcal{G}_1| + \cdots + |\mathcal{G}_k|$ in the above analysis and the cost of
the k-product of variables does not exceed the cost of the product of the $A_{w(g)}$. We give the full
details in the appendix. Note that, using the global stores, we can easily encode a PSPACE Turing
machine using U, without stack, and an empty C. Hence the problem for multiple variables is at
least PSPACE-hard.

5 Non-parameterized Reachability 

We consider the reachability problem when the number of processes n is fixed. In the case when
$1 \leq n \leq 2$, undecidability is clear: even with non-atomic read/writes, the two processes can
organise themselves to overcome non-atomicity. When $n > 2$, it becomes harder to co-ordinate the
copies of C. A simple trick recovers undecidability. More formally, then:

Definition 7 (Non-parameterized Reachability). For given n and naPDSs U and C over $\mathcal{G}$,
initial store value $g_0$ and control state q, the non-parameterised reachability problem asks whether
the NPDS $\mathcal{N}_n = (U, \underbrace{C, \ldots, C}_{n}, \mathcal{G}, g_0)$ has a run to some configuration containing the control state q.

Theorem 3. The non-parameterized reachability problem is undecidable when $n \geq 1$. When $n > 1$,
the result holds even when U is null.

Proof. We reduce from the undecidability of the emptiness of the intersection of two context-free
languages. First fix some $n \geq 2$ and two pushdown systems $\mathcal{P}_1$, $\mathcal{P}_2$ accepting the two languages
$\mathcal{L}_1$ and $\mathcal{L}_2$.

We define C to be the disjunction of $C_1, \ldots, C_n$. That is, C makes a non-deterministic choice of
which $C_i$ to run ($1 \leq i \leq n$). Let $1, \ldots, n, f, !$ be characters not in the alphabet of $\mathcal{L}_1$ and $\mathcal{L}_2$. The
process $C_1$ will execute, for each $\gamma_1 \ldots \gamma_z \in \mathcal{L}_1$, a sequence

$w(1) r(n) w(\gamma_1) r(!) w(\gamma_2) r(!) \ldots w(\gamma_z) r(!) w(f)$.

It is straightforward to build $C_1$ from $\mathcal{P}_1$. Similarly, the process $C_2$ will execute, for each
$a_1 \ldots a_m \in \mathcal{L}_2$, a sequence

$r(1) w(2) r(\gamma_1) w(!) r(\gamma_2) w(!) \ldots r(\gamma_z) w(!) r(f)$

and move to a fresh control-state $q_f$. It is straightforward to build $C_2$ from $\mathcal{P}_2$. The remaining
processes for $3 \leq i \leq n$ simply perform the sequence $r(i-1) w(i)$.

The control-state $q_f$ can be reached iff the intersection of $\mathcal{L}_1$ and $\mathcal{L}_2$ is non-empty. To see this,
first consider a word witnessing the non-emptiness of the intersection. There is immediately a run
of $\mathcal{N}_n$ reaching $q_f$ where each $i$th C process behaves as $C_i$.

In the other direction, take a run of $\mathcal{N}_n$ reaching $q_f$. First, observe that for each $1 \leq i \leq n$
there must be some copy of C running $C_i$. This is because, otherwise, there is some $i$ not written
to the global store, and hence all $i' > i$, including n, are not written. Then $C_1$ can never write $f$
and $C_2$ can never move to $q_f$. Finally, take the sequence $a_1 \ldots a_m$ written by $C_1$ (and read by $C_2$).
This word witnesses non-emptiness as required.

In the case when $n = 1$, we simply have U run $C_1$ and C run $C_2$.

6 Making Ehrenfeucht and Rozenberg Constructive 

We show how to make Theorem 1 constructive. To prove regularity, Ehrenfeucht and Rozenberg
assign to each word a set of types $\theta(w)$, and prove that, if $\theta(w) = \theta(w')$, then $w \sim w'$ in the sense
of Myhill and Nerode [19]. We first show how to decide $\theta(w) = \theta(w')$, and then show how to build
the automaton. For the sake of brevity, we will assume familiarity with context-free grammars
(CFGs) and their related concepts [19].

For our purposes, we consider a context-free grammar (in Chomsky normal form) G to be a
collection of rules of the form $A \to BC$ or $A \to a$, where A, B and C are non-terminals and a is
a terminal in $\Gamma$. There is also a designated start non-terminal S. A word w is in $\mathcal{L}(G)$ if there is
a derivation-tree with root labelled by S such that an internal node labelled by A has left- and
right-children labelled by B and C when we have $A \to BC$ in the grammar and a leaf node is
labelled by a when it has parent labelled by A (with one child) and $A \to a$ is in the grammar.
Furthermore w is the yield of the tree; that is, w labels the leaves. Note, all nodes must be labelled
according to the scheme just described. One can also consider the derivation of w in terms of
rewrites from S, where the parent-child relationship in the tree gives the required rewriting steps.

6.1 Preliminaries 

We first recall some relevant definitions from Ehrenfeucht and Rozenberg. We write $\#_a(w)$ to
mean the number of occurrences of the character a in the word w.

Definition 8 (Type of a Word). Let $\Gamma$ be an alphabet and let $x, w \in \Gamma^*$. We say that w is of
type x, or that x is a type of w (denoted $t(x, w)$) if

1. for every $a \in \Gamma$, $\#_a(x) \leq 1$, and

2. there exists a homomorphism h such that

(a) for every $a \in \Gamma$, $h(a) \in a \cup a\Gamma^*a$, and

(b) $h(x) = w$.

If x satisfies the above, we also say that x is a type in $\Gamma^*$.
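As an added illustration of Definition 8 (not code from the paper; the function names is_type and types_of are hypothetical), the Python sketch below checks whether x is a type of w and enumerates every type of a word. Characters are single Python characters here, whereas the construction below applies the definition to words over the marking alphabet.

```python
def is_type(x, w):
    """Return True iff x is a type of w in the sense of Definition 8."""
    # Condition 1: every character occurs at most once in x.
    if len(set(x)) != len(x):
        return False
    # Condition 2: split w into consecutive blocks h(x[0]) h(x[1]) ... where each
    # block is either the single character a or starts and ends with a.
    # 'positions' holds every prefix length of w that the prefix of x read so far
    # can be mapped onto.
    positions = {0}
    for a in x:
        reachable = set()
        for start in positions:
            if start < len(w) and w[start] == a:
                for end in range(start, len(w)):
                    if w[end] == a:          # block w[start..end] lies in a ∪ aΓ*a
                        reachable.add(end + 1)
        positions = reachable
    return len(w) in positions


def types_of(w):
    """Return the set of all types x of the word w."""
    found = set()

    def extend(pos, x):
        if pos == len(w):
            found.add(x)
            return
        a = w[pos]
        if a in x:                           # a was already used: condition 1 fails
            return
        for end in range(pos, len(w)):
            if w[end] == a:                  # choose h(a) = w[pos..end]
                extend(end + 1, x + a)

    extend(0, "")
    return found


if __name__ == "__main__":
    # Constructed sample words.
    for word in ["abcb", "abacb", "abab"]:
        print(word, sorted(types_of(word)))
```

Because a type never repeats a character, a word of any length has only finitely many types over a fixed alphabet, which is what the finiteness argument later in this section relies on.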

Given a CFG G in Chomsky normal form, we assume a derivation tree T of G is a labelled tree
where all internal nodes are labelled with the non-terminal represented by the node, and all leaf
nodes are labelled by their corresponding characters in $\Gamma$. Given a derivation tree T, Ehrenfeucht
and Rozenberg define a marked tree T with an expanded set of non-terminals and terminals.
Simultaneously, we will define the spine of a marked tree. Intuitively, we take a path in the tree
and mark it with the productions of G that have been used and the directions taken.

Given an alphabet of terminals and non-terminals $\Sigma$ and a derivation tree T, define the
alphabet $\bar{\Sigma} = \{ (A, B, C, k) \mid k \in \{ 1, 2 \} \wedge A \to BC \in G \} \cup \{ (A, a) \mid A \to a \in G \}$. This is the
marking alphabet of G.

Definition 9 (Spine of a Derivation Tree). Let T be a derivation tree in G and let $p = v_0 \ldots v_s$
be a path in T where $s > 1$, $v_0$ is the root of T, $v_s$ is a leaf of T and $\ell(v_0), \ldots, \ell(v_s)$ are the labels
corresponding to nodes of p. Now for each node $v_j$, $0 \leq j \leq s$, change its label to $\bar{\ell}(v_j)$ as follows:

1. if $A \to BC$ is the production used to rewrite the node j (hence $\ell(v_j) = A$) and $v_j$ has a direct
descendant to the left of p, then $\ell(v_j)$ is changed to $\bar{\ell}(v_j) = (A, B, C, 1)$,

2. if $A \to BC$ is the production used to rewrite the node j and $v_j$ has a direct descendant to the
right of p, then $\ell(v_j)$ is changed to $\bar{\ell}(v_j) = (A, B, C, 2)$,

3. if $A \to a$ is the production used to rewrite the node j then $\ell(v_j)$ is changed to $\bar{\ell}(v_j) = (A, a)$,

4. $\bar{\ell}(v_s) = \ell(v_s)$.

The resulting tree is called the marked p-version of T and denoted by T(p). The word $\bar{\ell}(v_0) \ldots \bar{\ell}(v_s)$
is referred to as the spine of T(p) and denoted by Spine(T(p)).

We write $\delta(w, z)$ whenever there exists some u such that the word wu has a derivation tree T
in G with a path p ending on the last character of w and with Spine(T(p)) = z. Then, we have
$\theta(w) = \{ x \mid \delta(w, z) \wedge t(x, z) \}$. Intuitively, this is the spine-type of w.

Finally, Ehrenfeucht and Rozenberg show that, whenever all strong iterative pairs of G are
very degenerate, then $\theta(w) = \theta(w')$ implies $w \sim w'$. Since there are a finite number of types x, we
have regularity by Myhill and Nerode.



6.2 Building the Automaton 

We show how to make the above result constructive. The first step is to decide $\theta(w) = \theta(w')$ for
given w and w'. To do this, from G and some type x, we build $G_x$ which generates all w such that
$\delta(w, z)$ holds for some z of type x. Thus $x \in \theta(w)$ iff $w \in \mathcal{L}(G_x)$.

First note that there is a simple (polynomial) regular automaton $A_x$ recognising, for
$x = a_1 \ldots a_s$, the language

$(a_1 \cup a_1 \bar{\Sigma}^* a_1) \ldots (a_s \cup a_s \bar{\Sigma}^* a_s)$

and $z \in \mathcal{L}(A_x)$ iff z is of type x. The idea is to build this automaton into the productions of G to
obtain $G_x$ such that all characters to the left (inclusive) of the path chosen by $A_x$ are kept, while
all those to the right are erased.

Definition 10 ($G_x$). For a given word type x and CFG G, the grammar $G_x$ has the following
production rules:

- all productions in G,

- $A_q \to B_{q'} C_\varepsilon$ for each $A \to BC \in G$ and $q \xrightarrow{(A, B, C, 1)} q'$ in $A_x$,

- $A_q \to B C_{q'}$ for each $A \to BC \in G$ and $q \xrightarrow{(A, B, C, 2)} q'$ in $A_x$,

- $A_q \to a$ for each $A \to a \in G$ and $q \xrightarrow{(A, a)} q'$ in $A_x$ where $q'$ is a final state,

- $A_\varepsilon \to B_\varepsilon C_\varepsilon$ for each $A \to BC \in G$,

- $A_\varepsilon \to \varepsilon$ for each $A \to a \in G$.

The initial non-terminal is $S_{q_0}$ where S is the initial non-terminal of G and $q_0$ is the initial state
of $A_x$.

The correctness of $G_x$ is straightforward and hence relegated to the appendix.

Lemma 3. For all w, we have $w \in \mathcal{L}(G_x)$ iff $x \in \theta(w)$.

Lemma 4 (Deciding $\theta(w) = \theta(w')$). For given w and w', we can decide $\theta(w) = \theta(w')$ in
$O(2^{f(n)})$ time for some polynomial f where n is the size of G.

Proof. For a given alphabet $\Sigma$, there are $\sum_{r=1}^{m} r!$ types where $m = |\Sigma|$. Since m is polynomial in
n, there are $O(2^{f(n)})$ word types. Hence, we simply check $w \in \mathcal{L}(G_x)$ and $w' \in \mathcal{L}(G_x)$ for each
type x. This is polynomial for each x, giving $O(2^{f(n)})$ in total.

From this, we can construct, following Myhill and Nerode, the required automaton, using a
kind of fixed point construction beginning with an automaton containing the state $q_\varepsilon$ from which
the equivalence class associated to the empty word will be accepted.

Lemma 5. For a CFG G such that all strong iterative pairs are very degenerate, we can build an
NFA A of $O(2^{2^{f(n)}})$ size in the same amount of time, where n is the size of G.

Proof. Let G be a CFG such that all strong iterative pairs are degenerate. We build an NFA A 
such that C{G) = C(A) by the following worklist algorithm. 

1. Let the worklist contain only $\varepsilon$ (the empty word) and $A$ have the initial state $q_\varepsilon$.

2. Take a word $w$ from the worklist.

3. If $w \in \mathcal{L}(G)$, make $q_w$ a final state.

4. For each $a \in T$

(a) if there is no state $q_{w'}$ such that $\theta(wa) = \theta(w')$, add $q_{wa}$ to $A$ and add $wa$ to the worklist,

(b) take $q_{w'}$ in $A$ such that $\theta(wa) = \theta(w')$,

(c) add the transition $q_w \xrightarrow{a} q_{w'}$ to $A$.

5. If the worklist is not empty, go to point 2; else, return $A$.

Since this follows the Myhill-Nerode construction, using $\theta(w) = \theta(w')$ as a proxy for $w \sim w'$,
we have that the algorithm terminates and is correct. Hence, with the observation that there are
$O(2^{2^{f(n)}})$ different values of the sets $\theta(w)$, we have the lemma.
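
The worklist algorithm in the proof of Lemma 5, as an added Python example that is not from the paper. Computing $\theta(w)$ needs the word types defined earlier, so the example swaps in a bounded-suffix signature (the suffixes $u$ of length at most `k` with $wu \in \mathcal{L}(G)$) as the equivalence proxy; the sample grammar for $a^+b^+$ and the names `member`, `signature`, `build_automaton` and `accepts` are constructed for illustration.

```python
from collections import deque
from itertools import product

# Constructed sample grammar in Chomsky normal form for the regular language a+b+.
# A body is either a terminal (str) or a pair of non-terminals (tuple).
GRAMMAR = {
    "S": [("A", "B")],
    "A": ["a", ("A", "A")],
    "B": ["b", ("B", "B")],
}
START, ALPHABET = "S", "ab"


def member(word):
    """CYK membership test: is word in L(G)?  (This grammar has no empty word.)"""
    n = len(word)
    if n == 0:
        return False
    # table[i][l] = set of non-terminals deriving word[i:i+l]
    table = [[set() for _ in range(n + 1)] for _ in range(n)]
    for i, ch in enumerate(word):
        table[i][1] = {A for A, bodies in GRAMMAR.items() if ch in bodies}
    for length in range(2, n + 1):
        for i in range(n - length + 1):
            for split in range(1, length):
                left, right = table[i][split], table[i + split][length - split]
                for A, bodies in GRAMMAR.items():
                    if any(isinstance(b, tuple) and b[0] in left and b[1] in right
                           for b in bodies):
                        table[i][length].add(A)
    return START in table[0][n]


def signature(word, k=2):
    """Stand-in for theta(w): the suffixes u with |u| <= k such that wu is in L(G)."""
    suffixes = ("".join(p) for l in range(k + 1) for p in product(ALPHABET, repeat=l))
    return frozenset(u for u in suffixes if member(word + u))


def build_automaton(k=2):
    """Worklist construction; each state q_w is named by its representative word w."""
    rep = {signature("", k): ""}          # signature -> representative word w'
    finals, delta = set(), {}
    worklist = deque([""])                # step 1: worklist holds the empty word
    while worklist:                       # step 5: loop until the worklist is empty
        w = worklist.popleft()            # step 2
        if member(w):                     # step 3: q_w is final iff w is in L(G)
            finals.add(w)
        for a in ALPHABET:                # step 4
            sig = signature(w + a, k)
            if sig not in rep:            # (a) no equivalent state yet: add q_wa
                rep[sig] = w + a
                worklist.append(w + a)
            delta[(w, a)] = rep[sig]      # (b), (c) transition to the equivalent state
    return set(rep.values()), finals, delta


def accepts(automaton, word):
    """Run the constructed automaton from q_epsilon on word."""
    _, finals, delta = automaton
    state = ""
    for ch in word:
        state = delta[(state, ch)]
    return state in finals
```

With `k=1` the empty word and the rejecting sink get the same signature and are merged, so the proxy must be fine enough to separate every equivalence class, as $\theta$ is in the proof.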



7 Conclusions and Future Work 



In this work, we have studied the parameterised master/slave reachability problem for pushdown 
systems with a global store. This provides an extension of work by Kahlon which did not allow a 
master process, and communication was via anonymous synchronisation; however, this is obtained 
at the expense of atomic accesses to global variables. Our algorithm introduces new techniques to 
pushdown system analysis. 

An initial inspiration for this work was the study of weak-memory models, which do not 
guarantee that — in a multi-threaded environment — memory accesses are sequentially consistent. 
In general, if atomic read/writes are permitted, the verification problem is harder (for example, 
Atig et al. relate the finite-state case to lossy channel machines [3]); hence, we removed atomicity 
as a natural first step. It is not clear how to extend our algorithm to accommodate weak-memory 
models and it remains an interesting avenue of future work. 

Another concern is the complexity gap between the upper and lower bounds. We conjecture 
that the upper bound can be improved, although we may require a new approach, since the 
complexity comes from the construction of regular read languages. A related question is whether 
we can improve the size of the automata $A_{w(g)}$. Since a PDS of size $n$ can recognise the language
$\{a^{2^n}\}$, we have a read language requiring an exponential number of $a$ characters; hence, the
$A_{w(g)}$ must be at least exponential in the worst case. It is worth noting that Meyer and Fischer
give a language whose deterministic regular automaton is doubly-exponential in the size of the
corresponding deterministic PDS [24]. However, in the appendix, we provide an example showing
that this language is not very degenerate. If the PDS is not deterministic, Meyer and Fischer prove 
there is no bound, in general, on the relationship in sizes. 

Finally, we may also consider applications to recursive ping-pong protocols in the spirit of 
Delzanno et al. [12].
A Proofs for Section 4



The proof of Lemma [5] is split into the following two lemmas. 

Lemma 6. If the PDS $\mathcal{P}_{sys}$ has a run to some control-state in $\mathcal{F}$, then the parameterised
reachability problem for $\mathcal{U}$, $\mathcal{C}$, $\mathcal{G}$, $g_0$ and $q$ has a positive solution.

Proof. Take an accepting run of $\mathcal{P}_{sys}$. We can extract a number of sequences from this run. First,
let $G = g_G^1, \ldots, g_G^z$ be the sequence of values written to the global (last) component of $\mathcal{P}_{sys}$'s
control-state. Note, $g_G^1 = g_0$. Then, for each $g \in \mathcal{G}$ that is written to the global component, let $R_g$
be the sequence of read and # events that took $A_{w(g)}$ from its initial state to a state in $\mathcal{F}_{w(g)}$. Since this
is accepted by the read language of $g$, there is a subword $r(g^1), \ldots, r(g^x)$ of $R_g$ and sequences of
writes $W_0, \ldots, W_x$ such that $W_0 r(g^1) W_1 \ldots r(g^x) W_x w(g)$ is a run of $\mathcal{C}$ (with internal transitions
hidden).

Furthermore, let $\#^i$ be a sequence of # characters the same length as $W_i$. Notice, we can
fix a sub-sequence $G_g = \#^0 g^1 \cdots g^x \#^x g$ of $R_g$ corresponding to a run of $\mathcal{C}$ in the sense that, #
characters represent some write action, the $g^h$ for all $1 \le h \le x$ are read events of $g^h$, and $g$ is a
write of $g$. Similarly, $\mathcal{U}$ has a sub-sequence $G_\mathcal{U}$ leading to $q$. This sequence is mapped on to $G$ as
follows. The sequence $G$ partitions the run of $\mathcal{P}_{sys}$ into contiguous sections with each $g_G^i$ beginning
a new section. Since $G_g$ is a sub-sequence of $R_g$ which is in turn a sub-sequence of the run of $\mathcal{P}_{sys}$,
there is a natural mapping of elements of $G_g$ to the transitions in the run of $\mathcal{P}_{sys}$. Each character
is mapped to the element of $G$ that begins the section the transition occurs in. Similarly, $\mathcal{U}$ has a
sequence $G_\mathcal{U}$ leading to $q$.

We create the NPDS which has a unique process $\mathcal{C}$ for each $g_G^i$ in $G$ that is not # and is
not written by $\mathcal{U}$ (that is, a process for each individual write). We build the run in $z$ segments:
one for each $g_G^i$. In each segment, all processes whose sub-sequence $G_g$ or $G_\mathcal{U}$ maps a character
onto $g_G^i$ will be scheduled to make the corresponding transitions. These can be scheduled in any
order, except the process running first in the segment must be the process responsible for writing
$g_G^i$. When $g_G^i = \#$ the process will not write # to the store, but some other character. Since no
process reads # this is safe.

Observe that there may be some $g_G^i$ that are not written by any process. In this case $g_G^i = \#$
(since we allowed # to occur at any time) and, because no process reads #, the corresponding
segment is merely $\varepsilon$.

Lemma 7. If the parameterised reachability problem for $\mathcal{U}$, $\mathcal{C}$, $\mathcal{G}$, $g_0$ and $q$ has a positive solution,
then $\mathcal{P}_{sys}$ has a run to some control-state in $\mathcal{F}$.

Proof. Take a run $C = c_0 c_1 \ldots c_z$ of the NPDS with $n$ copies of $\mathcal{C}$ that reaches $q$. From this,
we build an accepting run ir of V sys - The initial configuration of n is , qo^ 9 ° \ ■ ■ ■ , %^ 9m \ 9o*j ■ 
Assume we have a run $\pi_i$ corresponding to the run of the NPDS up to $c_i$. This run will have the
property that the first component (the control-state of $\mathcal{U}$) of the last configuration in $\pi_i$ will match
the control-state of $\mathcal{U}$ in $c_i$. Hence, $\pi_z$ will be the required accepting run.

Take the first write of $w(g)$ of each $g \in \mathcal{G}$ that is written by some copy of $\mathcal{C}$. Take the run of $\mathcal{C}$
that produced the write which is a sequence of reads and writes $W_0 R_1 W_1 \ldots R_x W_x$ (with internal
moves omitted). Let $\#^j$ be a sequence of # characters with the same length as $W_j$. There is an
accepting run $q_0^{w(g)} \xrightarrow{\gamma_1} q_1^{w(g)} \xrightarrow{\gamma_2} \cdots \xrightarrow{\gamma_y} q_y^{w(g)}$ of $A_{w(g)}$ where $\#^0 R_1 \#^1 \ldots R_x \#^x = \gamma_1 \ldots \gamma_y$.
Furthermore, $\gamma_1 \ldots \gamma_y$ can be mapped onto a sub-word of the sequence of actions taken on the
global component up to the first write of $g$.

Let {^i u , q^ 9o \ ■ ■ ■ , Qi'J' 9 " 1 ^, be the final configuration of 7^. We extend 7r, with the following 
transitions, in order of appearance. 

— For all g such that we have a maximal path q™^ • • • r< * 9 \ ma ke the transitions to 

q^fl- (That is, read g as many times as possible.) 



— If the transition between $c_i$ and $c_{i+1}$ is a move of $\mathcal{U}$, then simulate the move directly.

— If the transition is a write move w(g) by a copy of C which is not responsible for the first write 

of $g$, but is responsible for the first write of some other $g'$, then advance q™^ 9 ^ q^f \

setting the global component to # as required. Note that the transition from q™^ 9 ^ must be a 
# move since it is a write move of C and all preceding reads and writes have been simulated. 

— Further to the above, if it is a write of g by some C, we know that q™ ^ is an accepting state 
of $A_{w(g)}$. This is because we have been simulating the sequence $W_0 R_1 W_1 \ldots R_x W_x$ with the
accepting run $\#^0 R_1 \#^1 \ldots R_x \#^x$. Hence we can (and do) perform the write of $g$ to the global
component.

— Other types of transitions have no further updates to 7r». In particular, if the transition is a 
read move by some copy of C we do not add any transitions (these moves are taken care of 
more eagerly above). 

This completes the construction of 7Tj, and thus TT y gives us a required accepting run of V sys . 

B Non-Atomic Pushdown Systems with Multiple Variables 
B.1 Model Definition

Definition 11 (Non-atomic Pushdown Systems with Multiple Variables). Over a partitioned
finite alphabet $\mathcal{G} = \mathcal{G}_1 \uplus \cdots \uplus \mathcal{G}_k$, a non-atomic pushdown system (naPDS) is a tuple
$\mathcal{P} = (Q, \Sigma, \Delta, q_0, \mathcal{G}_1, \ldots, \mathcal{G}_k)$ where $Q$ is a finite set of control-states, $\Sigma$ is a finite stack alphabet,
$q_0 \in Q$ is a designated initial control state and $\Delta \subseteq (Q \times \Sigma) \times (r(\mathcal{G}) \cup w(\mathcal{G}) \cup \{\varepsilon\}) \times (Q \times \Sigma^*)$.

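Definition 12 (Networks of naPDSs with Multiple Variables). A network of $n$ non-atomic
pushdown systems (NPDS) is a tuple $\mathcal{N} = (\mathcal{P}_1, \ldots, \mathcal{P}_n, \mathcal{G}_1, \ldots, \mathcal{G}_k, g_0^1, \ldots, g_0^k)$ where, for all $1 \le i \le n$,
$\mathcal{P}_i = (Q_i, \Sigma_i, \Delta_i, q_0^i, \mathcal{G}_1, \ldots, \mathcal{G}_k)$ is a NPDS over $\mathcal{G}_1, \ldots, \mathcal{G}_k$ and for all $1 \le i \le k$, $g_0^i \in \mathcal{G}_i$
is the initial value of the $i$th global store.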

A configuration of an NPDS is a tuple $(q_1, w_1, \ldots, q_n, w_n, g_1, \ldots, g_k)$ where $g_i \in \mathcal{G}_i$ for each
$1 \le i \le k$, and for each $1 \le i \le n$, $q_i \in Q_i$ and $w_i \in \Sigma^*$. We have a transition

$(q_1, w_1, \ldots, q_n, w_n, g_1, \ldots, g_k) \to (q'_1, w'_1, \ldots, q'_n, w'_n, g'_1, \ldots, g'_k)$

whenever, for some $1 \le i \le n$ and all $1 \le j \le n$ with $i \ne j$ we have $q'_j = q_j$, $w'_j = w_j$, and

— $(q_i, w_i) \to (q'_i, w'_i)$ is a transition of $\mathcal{P}_i$ and for all $1 \le l \le k$, $g'_l = g_l$, or

— $(q_i, w_i) \xrightarrow{r(g_l)} (q'_i, w'_i)$ is a transition of $\mathcal{P}_i$ for some $1 \le l \le k$ and for all $1 \le l' \le k$, $g'_{l'} = g_{l'}$;
or

— $(q_i, w_i) \xrightarrow{w(g'_l)} (q'_i, w'_i)$ is a transition of $\mathcal{P}_i$ for some $1 \le l \le k$ and for all $1 \le l' \le k$ such that
$l' \ne l$, $g'_{l'} = g_{l'}$.

A path $\pi$ of $\mathcal{N}$ is a sequence of configurations $c_1 c_2 \ldots c_z$ such that, for all $1 \le i < z$, $c_i \to c_{i+1}$. A
run of $\mathcal{N}$ is a path such that $c_1 = (q_0^1, \bot, \ldots, q_0^n, \bot, g_0^1, \ldots, g_0^k)$.

B.2 Reachability Analysis 

In this section, we aim to prove the following theorem.

Theorem 4. The parameterised reachability problem for NPDSs with multiple variables is decid- 
able. 

Again, we assume q is a control-state of U. The idea is the same as the single variable case, 
except for some minor adjustments to handle the extra variables. 



Regular Read Languages. Given a non-atomic pushdown system $\mathcal{P}$ we define for each $g \in \mathcal{G}$
the pushdown system $\mathcal{P}_{w(g)}$ which is $\mathcal{P}$ augmented with a new unique control-state $f$, and a

transition (q, a) <-> (/, a) whenever V has a rule (q,a) c — (q',w). Furthermore, replace all 
$(q, a) \xhookrightarrow{w(g')} (q', w)$ rules with $(q, a) \xhookrightarrow{\#_i} (q', w)$ where $\#_i \notin \mathcal{G}_1 \cup \cdots \cup \mathcal{G}_k$ and $g' \in \mathcal{G}_i$.

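Again, we interpret $f$ as the sole accepting control state of $\mathcal{P}_{w(g)}$ giving the read language
$\mathcal{L}_{w(g)}$ for $w(g)$ defined as

$\mathcal{L}_{w(g)} = \{ R^* \gamma_1 R^* \ldots R^* \gamma_z R^* \mid \gamma_1 \ldots \gamma_z \in \mathcal{L}(\mathcal{P}_{w(g)}) \}$

where $R = \{ r(g') \mid g' \in \mathcal{G} \} \cup \{ \#_1, \ldots, \#_k \}$.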

Lemma 8. For all $g \in \mathcal{G}$, $\mathcal{L}_{w(g)}$ is regular and an NFA $A$ accepting $\mathcal{L}_{w(g)}$, of doubly-exponential
size, can be constructed in doubly-exponential time.

Proof. Identical to the single variable case. 



Simulating the System. We build a PDS that recognises a non-empty language iff the parameterised
reachability problem has a positive solution. The intuition behind the construction of
$\mathcal{P}_{sys}$ is the same as the single variable case, except minor adjustments are needed to handle the
interaction with multiple variables.

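Definition 13 ($\mathcal{P}_{sys}$). Given an naPDS $\mathcal{U} = (Q_\mathcal{U}, \Sigma, \Delta_\mathcal{U}, q_0^\mathcal{U}, \mathcal{G}_1, \ldots, \mathcal{G}_k)$ over $\mathcal{G} = \mathcal{G}_1 \uplus \cdots \uplus \mathcal{G}_k$
with initial values $g_0^1, \ldots, g_0^k$, a control-state $f \in Q_\mathcal{U}$, and, for each $g \in \mathcal{G}$, a regular automaton
$A_{w(g)} = (Q_{w(g)}, R, \Delta_{w(g)}, \mathcal{F}_{w(g)}, q_0^{w(g)})$, we define the PDS $\mathcal{P}_{sys} = (Q, \Sigma, \Delta, q_0, \mathcal{F})$ where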



we let, for all i, Gi = { g l , ■•■,9m, } and, 



let Q = Q„ 



xg / ! \ x ■ ■ ■ x Q ( k \ x • • 



M) x 

Q = Qu x Q x (Gi U { #! }) x • • ■ x (Gk U { # fe }), 

• • • , % , 9o 1 • 



X Q W (gt k )' tHen 



,9o 



- qo= 

- T = { f } x Q x (Gi U { #! }) x • • • x (Gk U { # fe }), 

and Z\ is t/ie smallest set containing all (q,a) <^-> (q',w) where q = (qu, q$, ■ . ■ , q^ k , gi, . ■ . , gk) 
and, 



- q' = [q u ,ql 

- q' = [q u ,ql 

- q' = (t&t,qh 

- q' = {qu,ql 

or 

- q' = (qu,qo 

-q' = 



,Qm k ,9i,---,9k) and (qu,a) ^ (q u ,w) E A u , or 



r (gi) 



,Qm k ,9i,---,9k) and (q u ,a) < — U- (q u ,w) E A u for some i, or 

,Qm k ,9i,---,9i,---,9k) and (qu,a) < > (q u , w ) € A U for some g[ E Gi, or 

■ ,Pj, ■■■,Qm k ,9i,-- -,9k) and q) -^4 p) E A) for some I, q) £ T) and w = a, 



,Pj 

k 



(qu,qh 

We have the following property. 



,Qm k , 9i, •■•,#«.•• -,9k) and q) ^ p) E A), q) £ T) 
g),...,g k ), q) E T) and w = a. 



w = a, or 



Lemma 9. The PDS $\mathcal{P}_{sys}$ has a run to some control-state in $\mathcal{F}$ iff the parameterised reachability
problem for $\mathcal{U}$, $\mathcal{C}$, $\mathcal{G}_1, \ldots, \mathcal{G}_k$, $g_0^1, \ldots, g_0^k$ and $q$ has a positive solution.

We prove this property in the following lemmas, and conclude that the parameterised reacha- 
bility problem with multiple variables is decidable. 

Lemma 10. If the PDS $\mathcal{P}_{sys}$ has a run to some control-state in $\mathcal{F}$, then the parameterised
reachability problem for $\mathcal{U}$, $\mathcal{C}$, $\mathcal{G}_1, \ldots, \mathcal{G}_k$, $g_0^1, \ldots, g_0^k$ and $q$ has a positive solution.



Proof. Take an accepting run of $\mathcal{P}_{sys}$. We can extract a number of sequences from this run. First,
let $G = g^1, \ldots, g^z$ be the sequence of updates to the global (last $k$) components of $\mathcal{P}_{sys}$'s
control-state. That is, $g^1 = (g_0^1, \ldots, g_0^k)$, and $g^{i+1}$ is generated from $g^i$ by the next change to a global
component. Then, for each $g$ that is written to a global component, let $R_g$ be the sequence of read
and $\#_1, \ldots, \#_k$ events that took $A_{w(g)}$ from $q_0^{w(g)}$ to a state in $\mathcal{F}_{w(g)}$. Since this is accepted by the
read language of $g$, there is a subword $r(g^1), \ldots, r(g^x)$ of $R_g$ and sequences of writes $W_0, \ldots, W_x$
such that $W_0 r(g^1) W_1 \ldots r(g^x) W_x w(g)$ is a run of $\mathcal{C}$ (with internal transitions hidden).

Furthermore, let $\#^i$ be a sequence of actions derived from $W_i$ by replacing each write to a
variable $j$ with the character $\#_j$. We can fix a sub-sequence $G_g = \#^0 g^1 \cdots g^x \#^x g$ of $R_g$
corresponding to the run of $\mathcal{C}$ above. This sequence is mapped on to $G$ as follows. The sequence $G$
partitions the run of $\mathcal{P}_{sys}$ into contiguous sections with each $g^i$ beginning a new section. Since
$G_g$ is a sub-sequence of $R_g$ which is in turn a sub-sequence of the run of $\mathcal{P}_{sys}$, there is a natural
mapping of elements of $G_g$ to the transitions in the run of $\mathcal{P}_{sys}$. Each character is mapped to
the element of $G$ that begins the section the transition occurs in. Similarly, $\mathcal{U}$ has a sequence $G_\mathcal{U}$
leading to $q$.

We create the NPDS which has a unique process $\mathcal{C}$ for each $g^i$ in $G$ that is not a $\#_j$ event for
some $j$ and is not written by $\mathcal{U}$ (that is, a process for each individual write). We build the run
in $z$ segments: one for each $g^i$. In each segment, all processes whose sub-sequence $G_g$ (when the
update given by $g^i$ is a write of the character $g$) or $G_\mathcal{U}$ maps a character onto $g^i$ will be scheduled
to make the corresponding transitions (including internal transitions). These can be scheduled in
any order, except the process running first in the segment must be the process responsible for
writing $g$. When $g^i$ is a write of $\#_j$ the process will not write $\#_j$ to the $j$th component of the
store, but some other character. Since no process reads $\#_j$ this is safe.

Observe that there may be some updates $g^i$ that are not written by any process. In this case
the update is the write of some $\#_j$ (since we allowed $\#_j$ to occur at any time) and, because no
process reads $\#_j$, the corresponding segment is merely $\varepsilon$.

Lemma 11. If the parameterised reachability problem for $\mathcal{U}$, $\mathcal{C}$, $\mathcal{G}_1, \ldots, \mathcal{G}_k$, $g_0^1, \ldots, g_0^k$ and $q$ has
a positive solution, then $\mathcal{P}_{sys}$ has a run to some control-state in $\mathcal{F}$.

Proof. Take a run $C = c_0 c_1 \ldots c_z$ of the NPDS with $n$ copies of $\mathcal{C}$ that reaches $q$. From this, we
build an accepting run $\pi$ of $\mathcal{P}_{sys}$. The initial configuration of $\pi$ is

u w (so) w (at k ) i k 

% ,% ,■■■,% ,9a 

Assume we have a run $\pi_i$ corresponding to the run of the NPDS up to $c_i$. This run will have the
property that the first component (the control-state of $\mathcal{U}$) of the last configuration in $\pi_i$ will match
the control-state of $\mathcal{U}$ in $c_i$. Hence, $\pi_z$ will be the required accepting run.

Take the first write of $w(g)$ for each $g \in \mathcal{G}$ that is written by some copy of $\mathcal{C}$. Take the run of $\mathcal{C}$
that produced the write which is a sequence of reads and writes $W_0 R_1 W_1 \ldots R_x W_x$ (with internal
moves omitted). Let $\#^j$ be a sequence of $\#_1, \ldots, \#_k$ characters derived from $W_j$ as in the proof
of Lemma 10. There is an accepting run of $A_{w(g)}$

$q_0^{w(g)} \xrightarrow{\gamma_1} q_1^{w(g)} \xrightarrow{\gamma_2} \cdots \xrightarrow{\gamma_y} q_y^{w(g)}$

where $\#^0 R_1 \#^1 \ldots R_x \#^x = \gamma_1 \ldots \gamma_y$. Furthermore, $\gamma_1 \ldots \gamma_y$ can be mapped onto a sub-word of
the sequence of actions taken on the global components up to the first write of $g$.

(u tu (so) w (3m ) \ 

, Qj , . . . , q, k , <?i, . . . , gk ) be the final configuration of 71^. We extend 7Tj with 

the following transitions, in order of appearance. 

— For all g such that we have a maximal path q™^ — ^» • • • ^ \ Qi^+i where g^ for 1 < j < y 
are characters in { g%, . . . , g^ }, make the transitions to (That is, read the current global 

store as many times as possible.) 



— If the transition between $c_i$ and $c_{i+1}$ is a move of $\mathcal{U}$, then simulate the move directly.

— If the transition is a write move $w(g)$ for some $g \in \mathcal{G}$ by a copy of $\mathcal{C}$ which is not responsible
for the first write of $g$, but is responsible for the first write of some other $g'$, then advance

wig) #j wig) .liiii • i tvt i i ■ • 

q i , — > q i ] , setting the jth global component to #j as required. Note that the transition 

from q i ^ 9 ^ must be a ffj move since it is a write move to the jth component of C and all 
preceding reads and writes have been simulated. 

— Further to the above, if it is a write of g by some C, we know that is an accepting state 
of $A_{w(g)}$. This is because we have been simulating the sequence $W_0 R_1 W_1 \ldots R_x W_x$ with the
accepting run $\#^0 R_1 \#^1 \ldots R_x \#^x$. Hence we can (and do) perform the write of $g$ to the global
component.

— Other types of transitions have no further updates to 7Tj. In particular, if the transition is a 
read move by some copy of C we do not add any transitions (these moves are taken care of 
more eagerly above). 

This completes the construction of 7Tj, and thus 7r y gives us a required accepting run of V sys . 
C Complexity Lower Bounds 

Theorem 5. The parameterised reachability problem for NPDSs with a single global store is NP- 
hard, even when the stacks are removed. 

Proof. We reduce from SAT. The encoding is as follows: $\mathcal{U}$ first guesses an assignment to the
variables $x_1, \ldots, x_n$ (say). He does this by writing $1_i$ or $0_i$ to the global store for each $1 \le i \le n$.
The $\mathcal{C}$ process has $n$ branches. Along the $i$th branch it reads, and remembers in its control state,
the value of $x_i$ written by $\mathcal{U}$. Then, whenever a symbol $?_i$ can be read from the global store, $\mathcal{C}$
reads it and writes $1_i$ or $0_i$ as appropriate.

Then, also in its control state, $\mathcal{U}$ evaluates the boolean formula. When it needs to obtain the
value of $x_i$, it writes $?_i$ to the global store and waits for a copy of $\mathcal{C}$ to return the answer. A
unique control state is reached if the formula evaluates to true. Hence, the defined parameterised
reachability instance reaches this control state iff the formula can be satisfied.

It is not immediately obvious how to evaluate the formula in the control state. The technique 
is the same as in Hague and Lin [17]. To evaluate a non-atomic formula, we store it as a tree in the
control state. Evaluation uses a kind of tree automaton (the run of which is encoded into the state 
space). The tree automaton navigates the tree in left most, depth first order. First it moves down 
to the left most leaf. This will be an atomic proposition. The proposition is evaluated using the 
technique above and the value is passed up to the parent. When first returning to a parent node, 
it is marked as seen. If the node is a disjunction, and the value returned is 1, then the automaton 
returns to the parent, also carrying the 1, otherwise it moves down into the right subtree. The 
automaton eventually returns from this tree with a value. Since the node is marked, it detects that 
it has fully evaluated the disjunction and returns the value to the parent. Evaluation is analogous 
for conjunction. Finally, a value is returned from the root. 

The evaluation above only introduces a polynomial number of control states. Because the tree is 
navigated in left most depth first order, there are a linear number of different markings (if the right 
hand subtree is not visited, we can simply mark all of the nodes in this subtree without affecting 
the execution). Then, to keep track of the automaton, we attach the state of the automaton to 
the node of the tree it is at. This is only polynomial since there is only one node marked by the 
automaton state at a time. 
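
The reduction in the proof of Theorem 5, as an added Python example that is not from the paper: a stackless master $\mathcal{U}$ and slave $\mathcal{C}$ are built for a formula and the "satisfied" control state is searched for. Assumptions of the example: the formula is given in CNF as DIMACS-style integer literals and is evaluated clause by clause rather than with the tree automaton described above, the search records which slave states are occupied instead of counting copies (a late copy can repeat the reads and writes of an earlier one, so with unboundedly many copies this loses nothing), and all function and state names are hypothetical.

```python
from collections import deque

G0 = ("init", 0)   # constructed initial store value; no process ever reads it


def master_moves(u, store, clauses, n):
    """Moves of U: yields (new control state, new store value)."""
    first_eval = ("ask", 0, 0) if clauses else "sat"
    if u[0] == "guess":                        # write 1_i or 0_i as the guess for x_i
        i = u[1]
        nxt = ("guess", i + 1) if i < n else first_eval
        yield nxt, ("0", i)
        yield nxt, ("1", i)
    elif u[0] == "ask":                        # write ?_i for the current literal
        _, c, l = u
        if clauses[c]:                         # an empty clause can never be satisfied
            yield ("wait", c, l), ("?", abs(clauses[c][l]))
    elif u[0] == "wait":                       # read the answer 1_i or 0_i from a slave
        _, c, l = u
        lit = clauses[c][l]
        if store[1] == abs(lit) and store[0] in ("0", "1"):
            if (store[0] == "1") == (lit > 0):         # literal true: clause is done
                yield (("ask", c + 1, 0) if c + 1 < len(clauses) else "sat"), store
            elif l + 1 < len(clauses[c]):              # literal false: try the next one
                yield ("ask", c, l + 1), store


def slave_moves(s, store):
    """Moves of one copy of C: yields (new control state, new store value)."""
    if s == "idle":
        if store[0] in ("0", "1"):             # branch i: remember the value of x_i
            yield ("know", store[1], store[0]), store
    elif s[0] == "know":
        if store == ("?", s[1]):               # U is asking for x_i
            yield ("answer", s[1], s[2]), store
    elif s[0] == "answer":                     # write back the remembered 1_i or 0_i
        yield ("know", s[1], s[2]), (s[2], s[1])


def sat_state_reachable(clauses, n):
    """Breadth-first search over (U state, store, set of occupied C states); n >= 1."""
    start = (("guess", 1), G0, frozenset(["idle"]))
    seen, queue = {start}, deque([start])
    while queue:
        u, store, slaves = queue.popleft()
        if u == "sat":
            return True
        succs = [(u2, st2, slaves) for u2, st2 in master_moves(u, store, clauses, n)]
        for s in slaves:
            succs += [(u, st2, slaves | {s2}) for s2, st2 in slave_moves(s, store)]
        for cfg in succs:
            if cfg not in seen:
                seen.add(cfg)
                queue.append(cfg)
    return False
```

Because every read and write is a separate step, a slave can overwrite $?_i$ before the copy holding $x_i$ has read it; such interleavings simply deadlock the master, and the search finds the target state through the others.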

D Proofs for Section 6

Lemma 3. For all $w$, we have $w \in \mathcal{L}(G_x)$ iff $x \in \theta(w)$.



Proof. First, assume $w \in \mathcal{L}(G_x)$. We show $x \in \theta(w)$. Take the derivation tree of $w$ in $G_x$. By
definition, this tree has a path marked by a run of $A_x$, such that $w$ is derived to the left (inclusive) of
the path, and the empty word is derived to the right. By replacing all non-terminals $A_q$ and $A_\varepsilon$ with
their corresponding non-terminals in $G$, and adjusting the applied production rules accordingly,
we obtain a derivation tree of some word $wu$ containing a spine of type $x$. Hence $x \in \theta(w)$, as
required.

In the other direction, consider the derivation tree $T$ of $wu$ with a spine of type $x$ that witnesses
$x \in \theta(w)$. The spine induces an accepting run of $A_x$. Thus, we build a derivation tree of $G_x$
where all non-terminals and productions to the left of the spine are the same, all non-terminals
and productions along the spine are annotated with the run of $A_x$ and all non-terminals and
productions to the right are replaced by their empty equivalent, e.g. $A_\varepsilon$. This induces a derivation
tree of $w$ in $G_x$ as required.

E Lower Bounds on Automata Size 

We mentioned in the conclusion the problem of whether the doubly-exponential size of the NFA 
built from a very degenerate context-free language must be doubly-exponential in the worst case. 
We have been unable to obtain this lower bound. Since, in Section 6, we construct a deterministic
finite-automaton, one may ask whether a result of Meyer and Fischer [53] — that there is a 
deterministic PDS accepting a language whose corresponding deterministic finite automaton is 
doubly-exponential — can provide a lower bound in the deterministic case. Unfortunately we 
provide a counter-example below. The language $I_n$ given by Meyer and Fischer is described as
follows³:

"$I_n$ consists of words in $\{0, 1, a_1, \ldots, a_n\}^* \{0,1\}^{n-1}$ accepted by a deterministic pushdown
store machine which operates as follows:

1. Copy the input onto the store until input $a_1$ is encountered. If $a_1$ does not occur, reject
the input.

2. Set $i = 2$.

3. If the next input is zero, pop the store until the first occurrence of $a_i$. If the next input
is a one, pop the store to the second occurrence of $a_i$. If any other input is encountered,
or the occurrences of $a_i$ are not found, reject the input.

4. Increment $i$ by one.

5. If $i \le n$, repeat step 3.

6. If the digit on top of the store is 1 and there are no more input symbols, accept the
input. Otherwise reject the input."

Intuitively, the input up to $a_1$ is interpreted as representing a binary tree in post-fix notation
(although the PDS cannot enforce this with a small number of states, hence even "malformed"
trees are accepted). After $a_1$, we see a sequence of 0s and 1s tracing a path in the tree. If this path
ends on a node labelled by a 1, then we accept. Since there are doubly-exponentially many trees of depth
$n$ labelled at the leaves by 0 and 1, we get that the corresponding deterministic finite automaton
must be doubly-exponential.

However, let n = 3 and consider the strong iterative pair 

$(x, y, z, t, u) = (0a_3 1a_3 a_2,\; 0a_3 0a_3 a_2,\; \varepsilon,\; 0a_3 1a_3 a_2,\; 0a_3 0a_3 a_2 a_1 10)$.

In the following, we underline the part of the input identified by the suffix 10. For $i = 0$ we have
$x y^i z t^i u = 0a_3 \underline{1} a_3 a_2\, 0a_3 0a_3 a_2 a_1 10$ and for $i > 0$ we have

$x y^i z t^i u = \ldots tu = \ldots 0a_3 \underline{1} a_3 a_2\, 0a_3 0a_3 a_2 a_1 10$.

3 In the original definition, the word finishes with $\{0, 1\}^n$, though we believe this to be a mistake. After
this correction, the size of the finite automaton is 2 . One could, of course, make other corrections 
to preserve the 2 2 claimed. 



In both cases one can verify membership in $I_n$.

However, consider $i = 1$ and $j = 0$. Then $x y^i z t^j u = \ldots yu = \ldots 0a_3 0a_3 a_2\, 0a_3 0a_3 a_2 a_1 10$,
which is not in $I_n$. Essentially, the sub-tree given by $y$ violates the acceptance condition. When an
occurrence of y necessitated an occurrence of t, the automaton would never read into y. However, 
when y and t are disconnected, y may not be "protected" by t. 



